ISO 27001 was initially published by the International Organization for Standardization (ISO) on 15 October 2005 and revised on 01 October 2013. Essentially, ISO/IEC 27001 defines an Information Security Management System (ISMS). An ISMS is a structured and systematic approach to managing the information and assets of the organization by maintaining their confidentiality, integrity and availability. The standard establishes worldwide best security practices as Information Security policies and procedures that reduce the probability of internal and external attacks on Information Assets and also limit the damage caused by an inadvertent or malicious incident.
1. Gap Analysis: Consultants carry out a Gap Analysis to determine the gaps with respect to ISO 27001 by thoroughly reviewing the current practices of the client organization. A Gap Analysis Report is developed and, based on it, a high-level Process Improvement (PI) Action Plan is developed to document the actions needed to prepare for certification.
2. ISMS Awareness and Implementation Training: A Lead Implementer training on ISO 27001 is provided to facilitate the organization and its key stakeholders to better understand the requirements of the standard.
3. Domain Analysis / Control Area Analysis: We hold interactive session(s) with process owners to discuss the standard’s controls and establish how ISO 27001 can best help the organization. This activity helps clients understand the vital concepts of the ISO 27001 Clauses and Domains, as well as a road map specific to their organization.
4. Process Documentation for Client: We also offer to develop process documentation (Processes and Artifacts Development / Process Optimization) for the client. In this way the client receives detailed processes/artifacts for its organization within a short period of time, 100% compliant with the standard’s requirements.
5. Document Review: If the client develops the process documentation itself, we perform a documentation review onsite / offsite to verify that all the developed Policies, Processes, Procedures, Standards, Guidelines and Artifacts fulfil the requirements of ISO 27001. Documentation Review Reports are provided to help the client organization improve its documentation.
6. Training Material Development: We help the client develop training material for their defined standard processes and policies, or develop the training material for them.
7. Provide Training to Client: We assist the client in conducting training on the standard processes for relevant staff in the organization. The training focuses on hands-on exercises to help trainees better understand the core concepts of the processes and how to apply them in different projects and departments. We also offer to deliver the training ourselves, as we have expert trainers in every field.
8. Implementation Support: We facilitate our clients in implementing the defined processes and maintaining objective evidence for audit. We also help the client convince practitioners to adopt the risk management approach.
9. Risk Assessment (Asset Risk Assessment): This is the most important and complex area of ISO 27001. Our consultants perform a detailed Asset Risk Assessment for the client.
10. Training on Asset Risk Assessment (Tool Development): The purpose of this training is to teach practitioners how to perform Risk Assessment as per the requirements of ISO 27001. Our expert trainers provide the training and help develop a Risk Assessment Tool.
11. ISO 27001 Internal Audit Training: Training on Internal Auditing (ISO 27001) is provided to help the organization better evaluate its implemented processes. This training is also required for performing the Internal Audit activity as per the standard’s requirements of Clause 6.
12. Business Continuity Planning / Disaster Recovery Planning: We facilitate the client in developing a BCP and DRP because proper and effective delivery of Business Continuity Management is a matter of survival. Our consultants ensure the continuity of the client organization’s critical processes in case of any minor or major interruption.
13. Verification and Testing of BCP and DRP: Our consultants validate and verify the developed BCP / DRP for the client organization. We visit the client and test the developed BCP and DRP along with the backup sites and recovery sites.
14. Readiness Check (Pre-Audit): We perform random audits (Readiness Checks) to ensure that the organization is operating according to its defined processes, and suggest improvements that add value to its processes and controls. We also confirm that the organization is ready for the Certification Audit.
15. Get the client certified by the Certification Body: The Stage 1 and Stage 2 audits are performed by the Certification Body, because a company providing consultancy cannot perform the certification audit as per the standard’s requirements. We help the client fix the Stage 1 audit findings and verify that all findings have been properly fixed (closed).
16. Certification Retention: We facilitate our clients in retaining their earned certifications by performing readiness checks (Random Audits). Our consultants visit the client a few days before the external audit to ensure that the organization is operating according to its defined processes, and also suggest improvements to those processes. By performing these checks we ensure that the client will not lose its earned certification.
17. Compliance Monitoring (at regular intervals, e.g. every one or two months; an ongoing activity): We visit the client at regular intervals to evaluate its compliance by performing readiness checks (random audits), and provide a Compliance % Report on every visit. These intervals can be planned (every one or two months) or unplanned.
1. ISMS Awareness and Implementation Training: An Implementer training course on ISO 27001 is provided to help the organization and its key stakeholders better understand the requirements of the standard.
2. Training on Asset Risk Assessment (Tool Development): This is the most important and complex area of ISO 27001, and it covers a major part of the standard. Our consultants provide detailed training on Risk Assessment to the client’s practitioners.
3. ISO 27001 Internal Audit Training: Training on Internal Auditing (ISO 27001) is provided to help the organization better evaluate its implemented processes. This training is also required for performing the Internal Audit activity as per the standard’s requirements of Clause “9.2 Internal Audit”.
4. Training on Business Continuity Planning & Disaster Recovery Planning: The purpose of this training is to give the client’s personnel a better understanding of BCP and DRP, because proper and effective delivery of Business Continuity Management is a matter of survival. Our experienced trainers provide expert coaching in identifying the Critical Business Processes and Services of the client organization. We also help clients develop their BCP and DRP along with backup sites and recovery sites.